http://www.freebsdwiki.net/index.php?title=Firewall&feed=atom&action=history
Firewall - Revision history
2024-03-28T20:25:37Z
Revision history for this page on the wiki
MediaWiki 1.18.0
http://www.freebsdwiki.net/index.php?title=Firewall&diff=13364&oldid=prev
Jimbo at 22:14, 25 August 2012
2012-08-25T22:14:12Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 22:14, 25 August 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 46:</td>
<td colspan="2" class="diff-lineno">Line 46:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Securing FreeBSD]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Securing FreeBSD]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category: FreeBSD Terminology]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category: FreeBSD Terminology]]</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">[[Category:Firewall]]</ins></div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:13147:newid:13364 -->
</table>
Jimbo
http://www.freebsdwiki.net/index.php?title=Firewall&diff=13147&oldid=prev
173.88.199.104 at 20:35, 13 August 2012
2012-08-13T20:35:45Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 20:35, 13 August 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">A '''firewall''' is a software application that runs on a Freebsd system acting as a gateway to the public internet that examines the traffic wanting to pass through it making decisions about whether to allow, deny, log, NAT, and/or otherwise fiddle with the traffic on a packet-by-packet basis by consulting a ruleset it's been programmed with.</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">The main purpose of firewalls is to protect an internal </del>network <del class="diffchange diffchange-inline">from malicious </del>traffic <del class="diffchange diffchange-inline">inbound </del>from <del class="diffchange diffchange-inline">public networks</del>. <del class="diffchange diffchange-inline">They can monitor and/or </del>control <del class="diffchange diffchange-inline">both inbound and outbound traffic. In particular, in work related environments it </del>can be <del class="diffchange diffchange-inline">useful </del>to deny <del class="diffchange diffchange-inline">outbound </del>traffic on <del class="diffchange diffchange-inline">ports used for non-work-related peer-to-peer file-sharing networks; and to deny and log outbound traffic that is characteristic of malware-related activity</del>.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">== Firewalls ==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">All software firewall applications are based on monitoring </ins>network <ins class="diffchange diffchange-inline">packet </ins>traffic <ins class="diffchange diffchange-inline">flow to and </ins>from <ins class="diffchange diffchange-inline">your system</ins>. <ins class="diffchange diffchange-inline">The values of selected packet </ins>control <ins class="diffchange diffchange-inline">fields </ins>can be <ins class="diffchange diffchange-inline">interrogated by user written rules </ins>to <ins class="diffchange diffchange-inline">allow or </ins>deny <ins class="diffchange diffchange-inline">packet </ins>traffic <ins class="diffchange diffchange-inline">based </ins>on <ins class="diffchange diffchange-inline">your security needs</ins>.  </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">FreeBSD has three firewall soultions available</del>, <del class="diffchange diffchange-inline">they are; [ipfw] </del>(<del class="diffchange diffchange-inline">FreeBSD-maintained</del>), <del class="diffchange diffchange-inline">[pf] </del>(<del class="diffchange diffchange-inline">OpenBSD-originated</del>, <del class="diffchange diffchange-inline">ported </del>to <del class="diffchange diffchange-inline">FreeBSD</del>), and <del class="diffchange diffchange-inline">[ipf] </del> <del class="diffchange diffchange-inline">(OS</del>-<del class="diffchange diffchange-inline">agnostic</del>, <del class="diffchange diffchange-inline">ipfilter ported </del>to <del class="diffchange diffchange-inline">FreeBSD)</del>.  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">Selection can be based on source and destination IP address</ins>, <ins class="diffchange diffchange-inline">the source and destination port number, the type of protocol used </ins>(<ins class="diffchange diffchange-inline">TCP, UDP, ICMP</ins>), <ins class="diffchange diffchange-inline">or any combination. Firewall software applications provide a much, much finer level of control than that provided by a hardware router. They can be used to protect a single FBSD system or a complete internal network </ins>(<ins class="diffchange diffchange-inline">LAN) by preventing public Internet traffic from making arbitrary connections to your internal network. They may also be used to prevent public Internet entities from spoofing internal IP addresses and to disable services you do not want accessed from the public Internet or by internal LAN users.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">Finally</ins>, <ins class="diffchange diffchange-inline">firewalls may be used </ins>to <ins class="diffchange diffchange-inline">support NAT (network address translation</ins>), <ins class="diffchange diffchange-inline">which allows an internal network using private IP addresses to share a single connection to the public Internet, or letting commercial users share a range of static public IP addresses automatically among the LAN users.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">== Firewall Rule Set Types ==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">Constructing a software application firewall rule set may seem to be trivial, but most people get it wrong. The most common mistake is to create an exclusive firewall rather than an inclusive firewall. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">An exclusive firewall allows all services through except for those matching a set of rules that block certain services. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">An inclusive firewall does the reverse. It only allows services matching the rules through </ins>and <ins class="diffchange diffchange-inline">blocks everything else. This way you can control what services can originate behind the firewall destined for the public Internet and also control which services originating from the public Internet may access your network. Inclusive firewalls are much, much safer than exclusive firewalls. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">When you use your browser to access a web site there are many internal functions that happen before your screen fills with the data from the target web site. Your browser does not receive one large file containing all the data and display format instructions at one time. Each internal function accesses the public Internet in multiple send/receive cycles of packets of information. When all the packets containing the data finally arrive, the data contained in the packets is combined together to fill your screen. Each service has its own port number. The port number 80 is for web page services. So you can code your firewall to only allow web page session start requests originating from your LAN to pass through the firewall out to the public Internet. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">Security can be tightened further by telling the firewall to monitor the send/receive cycles of all the packets making up that session until the session </ins> <ins class="diffchange diffchange-inline">completes. These are called stateful capabilities and provide the maximum level of protection. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">A firewall rule set that does not implement stateful capabilities on all the services being authorized is an insecure firewall that is still open to many of the most common methods of attack. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">== Firewall Software Applications ==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">FBSD has three different firewall software products built into the base system. They are IPFILTER also known as IPF, IPFIREWALL also known as IPFW, and the OpenBSD Packet Filter known as PF. IPFW has the built in traffic shaper facilities for controlling bandwidth usage called dummynet. PF has it's built in traffic shaper facilities for controlling bandwidth usage called ALTQ. IPFILTER does not have a built in traffic shaper facility for controlling bandwidth usage, but the ALTQ port application can be used to accomplish the same function. The dummynet feature and ALTQ is generally useful only to large ISPs or commercial users. IPF, IPFW, and IP use rules to control the access of packets to and from your system, although they go about it different ways and have different rule syntaxes. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">The IPFW /etc/rc.firewall sample rule set delivered in the basic install is outdated, complicated and does not use stateful rules on the interface facing the public Internet. It exclusively uses legacy stateless rules which only have the ability to open or close the service ports. The IPFW example stateful rule sets presented here supercedes the /etc/rc.firewall file distributed with the system.  </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">Stateful rules have technically advanced interrogation abilities capable of defending against the flood of different attack methods currently employed by attackers.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">Both of these firewall software solutions IPF and IPFW still maintain the legacy heritage of their original rule processing order and reliance on non</ins>-<ins class="diffchange diffchange-inline">stateful rules. These outdated concepts are not covered here</ins>, <ins class="diffchange diffchange-inline">only the new, modern stateful rule construct and rule processing order is presented. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">You should read about all 3 firewalls, and them make your own decision on which one best fits your needs. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">The author prefers IPFILTER because its stateful rules are much less complicated </ins>to <ins class="diffchange diffchange-inline">use in a Nat environment, and it has a built in FTP proxy that simplifies the rules to allow secure outbound FTP usage</ins>. <ins class="diffchange diffchange-inline">It is also more appropriate to the knowledge level of the inexperienced firewall user. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">Since all firewalls are based on interrogating the values of selected packet control fields, the creator of the firewall rules must have an understanding of how TCP/IP works, what the different values in the packet control fields are and how these values are used in a normal session conversation. For a good explanation go to http://www.ipprimer.com/overview.cfm.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Securing FreeBSD]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Securing FreeBSD]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category: FreeBSD Terminology]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category: FreeBSD Terminology]]</div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:13130:newid:13147 -->
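Review bot: The new "Firewall Software Applications" paragraph says "The IPFW example stateful rule sets presented here supercedes the /etc/rc.firewall file", but this revision adds no rule set, and "only the new, modern stateful rule construct and rule processing order is presented" has the same problem; either add the rule sets or reword both sentences to point at the pages that carry them. In the same section "IPF, IPFW, and IP use rules" should read PF, "Both of these firewall software solutions IPF and IPFW" follows a list of three products, and "PF has it's", "supercedes" and "and them make your own decision" are typos. The edit also drops the [ipfw], [pf] and [ipf] references from the removed line without replacing them with links, and "The author prefers IPFILTER" has no identifiable author on a wiki page.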
</table>
173.88.199.104
http://www.freebsdwiki.net/index.php?title=Firewall&diff=13130&oldid=prev
173.88.199.104 at 18:53, 13 August 2012
2012-08-13T18:53:21Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 18:53, 13 August 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>A '''firewall''' is a software application that runs on a Freebsd system acting as a gateway to the public internet that examines the traffic wanting to pass through it making <del class="diffchange diffchange-inline"> </del>decisions about whether to allow, deny, log, NAT, and/or otherwise fiddle with the traffic on a packet-by-packet basis by consulting a ruleset it's been programmed with.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>A '''firewall''' is a software application that runs on a Freebsd system acting as a gateway to the public internet that examines the traffic wanting to pass through it making decisions about whether to allow, deny, log, NAT, and/or otherwise fiddle with the traffic on a packet-by-packet basis by consulting a ruleset it's been programmed with.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The main purpose of firewalls is to protect an internal network from malicious traffic inbound from public networks. They can monitor and/or control both inbound and outbound traffic. In particular, in work related environments it can be useful to deny outbound traffic on ports used for non-work-related peer-to-peer file-sharing networks; and to deny and log outbound traffic that is characteristic of malware-related activity.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The main purpose of firewalls is to protect an internal network from malicious traffic inbound from public networks. They can monitor and/or control both inbound and outbound traffic. In particular, in work related environments it can be useful to deny outbound traffic on ports used for non-work-related peer-to-peer file-sharing networks; and to deny and log outbound traffic that is characteristic of malware-related activity.</div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 6:</td>
<td colspan="2" class="diff-lineno">Line 6:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Securing FreeBSD]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Securing FreeBSD]]</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">[[Category: FreeBSD Terminology]]</ins></div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:13121:newid:13130 -->
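Review bot: The added "[[Category: FreeBSD Terminology]]" has a space after the colon while the line above it is "[[Category:Securing FreeBSD]]"; drop the space so both category tags use the same form (the tag removed in the 18:14 revision was written "[[Category:FreeBSD Terminology]]").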
</table>
173.88.199.104
http://www.freebsdwiki.net/index.php?title=Firewall&diff=13121&oldid=prev
173.88.199.104: Firewall
2012-08-13T18:18:24Z
<p>Firewall</p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 18:18, 13 August 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">A '''firewall''' is a software application that runs on a Freebsd system acting as a gateway to the public internet that examines the traffic wanting to pass through it making  decisions about whether to allow, deny, log, NAT, and/or otherwise fiddle with the traffic on a packet-by-packet basis by consulting a ruleset it's been programmed with.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">The main purpose of firewalls is to protect an internal network from malicious traffic inbound from public networks. They can monitor and/or control both inbound and outbound traffic. In particular, in work related environments it can be useful to deny outbound traffic on ports used for non-work-related peer-to-peer file-sharing networks; and to deny and log outbound traffic that is characteristic of malware-related activity.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">FreeBSD has three firewall soultions available, they are; [ipfw] (FreeBSD-maintained), [pf] (OpenBSD-originated, ported to FreeBSD), and [ipf]  (OS-agnostic, ipfilter ported to FreeBSD). </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">[[Category:Securing FreeBSD]]</ins></div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:13120:newid:13121 -->
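Review bot: In the last added paragraph, "[ipfw]", "[pf]" and "[ipf]" use single brackets, which MediaWiki does not treat as internal links; the 2007 text of this page used "[[ipfw]]", "[[pf]]" and "[[ipf]]". The same line has "soultions" for "solutions" and a semicolon after "they are", and the opening sentence writes "Freebsd" where the rest of the page writes "FreeBSD".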
</table>
173.88.199.104
http://www.freebsdwiki.net/index.php?title=Firewall&diff=13120&oldid=prev
173.88.199.104: Blanked the page
2012-08-13T18:14:32Z
<p>Blanked the page</p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 18:14, 13 August 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">#REDIRECT [[:Category:Firewall]]</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">[[Category:FreeBSD Terminology]]</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">[[Category:Securing FreeBSD]]</del></div></td><td colspan="2"> </td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:8567:newid:13120 -->
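Review bot: Removing the "#REDIRECT [[:Category:Firewall]]" line together with both category tags leaves the Firewall title as an empty, uncategorized page; the replacement text only arrives in the separate 18:18 revision. Replace the redirect and add the new text in one edit, keeping the category tags, so the title never resolves to a blank page.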
</table>
173.88.199.104
http://www.freebsdwiki.net/index.php?title=Firewall&diff=8567&oldid=prev
Jimbo: Redirecting to Category:Firewall
2007-06-21T21:34:39Z
<p>Redirecting to <a href="/index.php/Category:Firewall" title="Category:Firewall">Category:Firewall</a></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 21:34, 21 June 2007</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">A '''firewall''' is a </del>[[<del class="diffchange diffchange-inline">gateway]] device which sits between networks and examines the traffic wanting to pass through it, and makes decisions about whether to allow, deny, log, [[NAT]], and/or otherwise fiddle with that traffic on a packet-by-packet basis by consulting a ruleset it's been programmed with.</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">#REDIRECT </ins>[[:<ins class="diffchange diffchange-inline">Category:</ins>Firewall]]</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">The main purpose of most firewalls is to protect an internal network from malicious traffic inbound from the outside network(s), but they can also be used to monitor and/or control outbound traffic.  In particular, in work-related environments it can be useful to deny outbound traffic on ports used for non-work-related peer-to-peer file-sharing networks; and to deny and log outbound traffic that is characteristic of malware-related activity.</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">Under FreeBSD, three kernel firewalls are available; [[ipfw]] (FreeBSD-based), [[pf]] (OpenBSD-originated, ported to FreeBSD), and [[ipf]] (OS-agnostic). [[ipfw]] and [[ipf]] will work as [[modules]] but if you're going to be running them at all, you'll probably want to recompile your kernel for static support -- see [[Firewall, Configuring]], below.</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">see also</del>: <del class="diffchange diffchange-inline">[[</del>Firewall<del class="diffchange diffchange-inline">, Configuring]], [[Firewall, Monitoring]], [[ipfw]], [[Network Address Translation]], [[Gateway</del>]]</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Securing FreeBSD]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Securing FreeBSD]]</div></td></tr>
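Review bot: the removed rows shown here take out the introductory paragraph, the list of kernel firewalls and the see-also line, and every right-hand cell is empty, so no replacement text is visible while both Category lines stay in place. If this drops a duplicated copy of the text, that is fine but should be stated in the edit summary; otherwise the page stays listed under Securing FreeBSD with this body text gone, and the removal should be reverted or replacement text supplied. The three emptied lines are also left behind as blank lines rather than deleted.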
</table>
Jimbo
http://www.freebsdwiki.net/index.php?title=Firewall&diff=8512&oldid=prev
Jimbo at 17:59, 21 June 2007
2007-06-21T17:59:03Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 17:59, 21 June 2007</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 5:</td>
<td colspan="2" class="diff-lineno">Line 5:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Under FreeBSD, three kernel firewalls are available; [[ipfw]] (FreeBSD-based), [[pf]] (OpenBSD-originated, ported to FreeBSD), and [[ipf]] (OS-agnostic). [[ipfw]] and [[ipf]] will work as [[modules]] but if you're going to be running them at all, you'll probably want to recompile your kernel for static support -- see [[Firewall, Configuring]], below.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Under FreeBSD, three kernel firewalls are available; [[ipfw]] (FreeBSD-based), [[pf]] (OpenBSD-originated, ported to FreeBSD), and [[ipf]] (OS-agnostic). [[ipfw]] and [[ipf]] will work as [[modules]] but if you're going to be running them at all, you'll probably want to recompile your kernel for static support -- see [[Firewall, Configuring]], below.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>see also: [[Firewall, Configuring]], [[Network Address Translation]], [[Gateway]]</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>see also: [[Firewall, Configuring<ins class="diffchange diffchange-inline">]], [[Firewall, Monitoring]], [[ipfw</ins>]], [[Network Address Translation]], [[Gateway]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Securing FreeBSD]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Securing FreeBSD]]</div></td></tr>
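Review bot: the added `[[ipfw]]` entry in the see-also line duplicates a link already present in the paragraph two rows up, which names ipfw, pf and ipf; either drop it or list `[[pf]]` and `[[ipf]]` too so the three firewalls are treated the same way. The `[[Firewall, Monitoring]]` addition sits logically after `[[Firewall, Configuring]]` and needs no change.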
</table>
Jimbo
http://www.freebsdwiki.net/index.php?title=Firewall&diff=6105&oldid=prev
Dave at 04:56, 11 April 2006
2006-04-11T04:56:13Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 04:56, 11 April 2006</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 3:</td>
<td colspan="2" class="diff-lineno">Line 3:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The main purpose of most firewalls is to protect an internal network from malicious traffic inbound from the outside network(s), but they can also be used to monitor and/or control outbound traffic.  In particular, in work-related environments it can be useful to deny outbound traffic on ports used for non-work-related peer-to-peer file-sharing networks; and to deny and log outbound traffic that is characteristic of malware-related activity.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The main purpose of most firewalls is to protect an internal network from malicious traffic inbound from the outside network(s), but they can also be used to monitor and/or control outbound traffic.  In particular, in work-related environments it can be useful to deny outbound traffic on ports used for non-work-related peer-to-peer file-sharing networks; and to deny and log outbound traffic that is characteristic of malware-related activity.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>Under FreeBSD, three kernel firewalls are available; [[ipfw]], [[pf]], and [[ipf]].</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>Under FreeBSD, three kernel firewalls are available; [[ipfw]] <ins class="diffchange diffchange-inline">(FreeBSD-based)</ins>, [[pf]] <ins class="diffchange diffchange-inline">(OpenBSD-originated, ported to FreeBSD)</ins>, and [[ipf]] <ins class="diffchange diffchange-inline">(OS-agnostic). [[ipfw]] and [[ipf]] will work as [[modules]] but if you're going to be running them at all, you'll probably want to recompile your kernel for static support -- see [[Firewall, Configuring]], below</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>see also: [[Firewall, Configuring]], [[Network Address Translation]], [[Gateway]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>see also: [[Firewall, Configuring]], [[Network Address Translation]], [[Gateway]]</div></td></tr>
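Review bot: the new sentence says ipfw and ipf work as modules but is silent on pf, so a reader cannot tell whether pf can be loaded as a module or has to be built in; state it for all three. The sentence also recommends recompiling the kernel for static support without giving the reason, and "below" points at the see-also link rather than at a section of this page, so "see [[Firewall, Configuring]]" on its own would read better.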
</table>
Dave
http://www.freebsdwiki.net/index.php?title=Firewall&diff=6101&oldid=prev
207.81.253.20 at 01:44, 11 April 2006
2006-04-11T01:44:43Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 01:44, 11 April 2006</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 3:</td>
<td colspan="2" class="diff-lineno">Line 3:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The main purpose of most firewalls is to protect an internal network from malicious traffic inbound from the outside network(s), but they can also be used to monitor and/or control outbound traffic.  In particular, in work-related environments it can be useful to deny outbound traffic on ports used for non-work-related peer-to-peer file-sharing networks; and to deny and log outbound traffic that is characteristic of malware-related activity.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The main purpose of most firewalls is to protect an internal network from malicious traffic inbound from the outside network(s), but they can also be used to monitor and/or control outbound traffic.  In particular, in work-related environments it can be useful to deny outbound traffic on ports used for non-work-related peer-to-peer file-sharing networks; and to deny and log outbound traffic that is characteristic of malware-related activity.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>Under FreeBSD, <del class="diffchange diffchange-inline">the </del>kernel <del class="diffchange diffchange-inline">firewall </del>available <del class="diffchange diffchange-inline">is </del>[[ipfw]].</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>Under FreeBSD, <ins class="diffchange diffchange-inline">three </ins>kernel <ins class="diffchange diffchange-inline">firewalls are </ins>available<ins class="diffchange diffchange-inline">; </ins>[[ipfw<ins class="diffchange diffchange-inline">]], [[pf]], and [[ipf</ins>]].</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>see also: [[Firewall, Configuring]], [[Network Address Translation]], [[Gateway]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>see also: [[Firewall, Configuring]], [[Network Address Translation]], [[Gateway]]</div></td></tr>
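Review bot: the rewritten sentence lists `[[ipfw]], [[pf]], and [[ipf]]` with no indication of how the three differ or which one a new reader should start with; a short parenthetical per name would help. The semicolon after "available" introduces a list and should be a colon.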
</table>
207.81.253.20
http://www.freebsdwiki.net/index.php?title=Firewall&diff=4763&oldid=prev
Dave at 04:45, 14 December 2005
2005-12-14T04:45:11Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 04:45, 14 December 2005</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 8:</td>
<td colspan="2" class="diff-lineno">Line 8:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:FreeBSD Terminology]]</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">[[Category:Securing FreeBSD]]</ins></div></td></tr>
</table>
Dave